Enterprise
Custom sandbox images for your real stack
Rails, Java, Go, Python, Node, multi-process backends — custom sandbox images bring the technology you already run into the same governed AI delivery loop.
Custom sandbox images let Ciao wrap AI-assisted engineering around the stack you already run: Rails, Java, Go, Python, Node and multi-process backends. Unlike AI app builders that only work on their own greenfield template, Ciao builds the sandbox around your technology — so existing systems get the same governed loop as new ones: Guardrails policies, recorded review, automated QA, live security testing and an append-only audit trail.
Published 2026-07-03 · Last updated 2026-07-03
Your estate is not a template, and pretending otherwise costs you
Walk through any established engineering organization and you will find the truth every architect knows: the estate is plural. A Rails monolith carrying the core product, Java services in the integration layer, Go where performance mattered, Python holding the data pipelines together, Node on the edges — often several of these owned by the same team. None of it is a mistake; each choice was right when it was made. But it means any tool that only works on one blessed greenfield stack governs a sliver of your actual risk.
That sliver problem is what makes most AI development tooling hard to adopt at the enterprise level. If the AI platform only builds new apps on its own template, then your policies, review workflow and audit trail apply to the new and shiny — while the systems that actually run the business, the ones a bad change can genuinely hurt, stay outside the loop. A governance story with that hole in it does not survive a serious review.
Custom sandbox images are Ciao's answer. The sandbox — the environment where AI-assisted engineering runs, tests and iterates — is built to match your stack: Rails, Java, Go, Python, Node and multi-process backends. The delivery loop stays identical across all of them, which is precisely what makes it governable: one policy set, one review model, one audit trail, many technologies.
What Ciao provides
- Sandbox images built for your stack — Custom sandbox images wrap AI-assisted engineering around Rails, Java, Go, Python, Node and multi-process backends — runtimes, services and dependencies arranged the way your systems actually run.
- Multi-process fidelity — Backends that are several cooperating processes — app server, workers, queues — run as they do in reality, so what the AI builds against behaves like what production does.
- One governance model across stacks — Guardrails maps code into business areas, detects risky changes, applies plain-English policies and records human review — the same discipline whether the change lands in Rails or Go.
- One testing discipline — QA runs deterministic browser replays, self-healing tests, smoke gates before publish and production checks after; Security confirms vulnerabilities against the live app before flagging them.
- Isolated, scalable infrastructure — Sandboxes run on Kubernetes in isolated pods with hibernation and wake and multi-region support, so a fleet of stack-specific environments stays operable and affordable.
- Fleet visibility — Conductor gives one screen for hundreds — sometimes thousands — of projects with live health and protected-zone visibility, whatever mix of stacks sits underneath.
How a custom-stack engagement runs
1. Inventory the stack
With the enterprise team, you define what the sandbox must contain: language runtimes, frameworks, services, dependencies and the processes that must run together.
2. Build the image
A custom sandbox image is created for that shape, so every AI-assisted session starts in an environment that matches how the system really runs.
3. Set the policy layer
Guardrails business-area mapping and plain-English policies are configured for the codebase — protected zones and review routing defined before change volume arrives.
4. Deliver through the loop
Teams describe changes in plain language; work is built in the sandbox, tested by QA, checked by Security, reviewed under policy and merged with its audit trail.
5. Deploy where you need
Ship to Ciao cloud, your own AWS, Azure or GCP account, a private VPC — or on-prem under separate terms for the systems that require it.
Verification and commercial notes
Custom sandbox images are scoped with the enterprise team — bring a real system, ideally an awkward one, and evaluate against that rather than a demo app. Ask to see the loop run end to end on your stack: a change described in plain language, built in the sandbox, caught by a Guardrails policy, reviewed, tested and merged with its audit record. SOC 2 Type II reports are available under NDA and the security pack on request. Serious production programs start at USD 10,000 per year; custom-stack scope is part of the engagement, and pairs naturally with the legacy-modernization work described on its own page.
The economics follow the same logic as the governance. One loop across stacks means platform teams maintain a single policy set, a single review model and a single operational runbook instead of a per-stack patchwork — and engineers moving between systems carry the workflow with them rather than relearning it at every boundary.
Stack coverage and what it means in practice
| Stack | Typical estate role | In the governed loop |
|---|---|---|
| Rails | Core product monoliths | Yes — custom sandbox image |
| Java | Integration and enterprise services | Yes — custom sandbox image |
| Go | Performance-critical services | Yes — custom sandbox image |
| Python | Data pipelines and internal services | Yes — custom sandbox image |
| Node | APIs and edge services | Yes — custom sandbox image |
| Multi-process backends | App server plus workers and queues | Yes — processes run together in the sandbox |
Frequently asked questions
Is this the same product as the greenfield React builder?
Same platform, same loop. Ciao generates real React, TypeScript and Supabase applications for new builds, and custom sandbox images extend the identical delivery loop — Guardrails, QA, Security, audit — around Rails, Java, Go, Python, Node and multi-process backends.
What can a custom sandbox image actually contain?
The runtimes, frameworks, services and dependencies your system needs to build and run realistically, including backends composed of multiple cooperating processes. The exact contents are defined with the enterprise team from your system's real shape.
Does governance differ between stacks?
No, and that is the point. Guardrails applies the same plain-English policies, recorded review and append-only audit trail regardless of language, so your risk function maintains one control model instead of one per stack.
How is each stack's environment isolated?
Sandboxes run on Kubernetes in isolated pods, with hibernation and wake keeping dormant environments from burning resources. Architecture details for reviewers are in the security pack, available on request.
Can these systems deploy inside our own infrastructure?
Yes. Deploy to your own AWS, Azure or GCP account or a private VPC, with on-prem available under separate terms — often the natural posture for the existing systems custom stacks are built around.